Your mamma was right: Honesty is the best (privacy) policy. Be up front about what you do (or may do in the future) with your customer’s personal information. Many privacy policies make one of three “honesty” mistakes: 1. Over-Promising, 2. Under-Promising, 3. Omission. Each carries liability, so it is better to avoid any of the three.
Don’t under-promise. FTC guidelines and many state laws require that your company take reasonable and appropriate measures on a case-by-case basis. It may be tempting to try to disclaim all duties to protect your customers, especially if you’ve had a breach. But this approach has pitfalls. First, it is impossible to disclaim all duties to your customers’ privacy. Second, you may scare away potential customers, or invite scrutiny (as Facebook well knows). Third, FTC actions have indicated that businesses cannot take a “wait-and-see” approach to consumer privacy. Instead, companies have a duty to act reasonably and detect problems before they cause loss, particularly if they have made privacy promises to their employees or customers.
Tell the whole truth. Another temptation is to remain conveniently silent on a privacy issue you’d rather not talk about. This is also a risky strategy, because state laws (such as those of California, Texas, and soon-to-be Massachusetts, to name a few) impose specific disclosure requirements. Whether or not required by law, failure to disclose important privacy practices can spark FTC enforcement action as a deceptive consumer practice.
Be Complete & Conspicuous
Get it Right the First Time
If You Say it, Do it
We’re all familiar with the Miranda phrase, “anything you say can and will be used against you …” by the FTC. If you make a representation in your privacy or security policy, you’d better be able to live up to it. FTC enforcement actions demonstrate that website owners must adhere to any statements of privacy or security, whether the statement is made online or offline.
It’s Your Business
As a CEO, COO, or Managing Director, you should do three things:
- First, read your privacy and security policy. If it confuses you, it will confuse your customers. If it confuses your customers, it might be interpreted as deceptive by the FTC.
* No bias, and a healthy dose of sarcasm. In this case the author wishes to think of his opinion on the lawyers as an expert opinion rather than a biased one. In the author’s experience, there is occasionally little difference between “expert” and “biased” opinions.